2 Replies Latest reply on Jul 31, 2012 12:22 AM by Shinogi

    Malicious exe download detection


      We have a requirement to detect exe downloads. There are a couple of ways I can think of to do this.


      Option 1: Catch HTTP GET requests for files ending in exe. (Issue obviously being that the GET could be for jpg but ... Content-Type: application/octet-stream)

      Option 2: Try to catch MZ in the first x bytes, but there are some issues with gzip/chunked encoding etc.


      What do you all recommend?
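
One way to handle the gzip/chunked problem raised under Option 2, as an added example that is not part of the original post: reassemble the chunked body, decompress gzip, then check for the MZ magic and the PE signature regardless of URL extension or Content-Type. The function names and the sample response are constructed for illustration.

```python
import gzip
import struct
import zlib

def dechunk(body: bytes) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body (trailers ignored)."""
    out, pos = bytearray(), 0
    while (eol := body.find(b"\r\n", pos)) >= 0:
        try:
            size = int(body[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        except ValueError:
            break  # malformed size line: keep what was reassembled
        if size == 0:
            break
        out += body[eol + 2 : eol + 2 + size]
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF
    return bytes(out)

def decode_body(raw: bytes) -> bytes:
    """Return the response body with chunking and gzip removed."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if b"chunked" in headers.get(b"transfer-encoding", b""):
        body = dechunk(body)
    if headers.get(b"content-encoding", b"") in (b"gzip", b"x-gzip"):
        # wbits=31 selects gzip framing; a truncated capture still yields a prefix
        body = zlib.decompressobj(31).decompress(body)
    return body

def looks_like_pe(payload: bytes) -> bool:
    """MZ at offset 0; if e_lfanew (offset 0x3C) is in range, require PE\\0\\0 there."""
    if payload[:2] != b"MZ":
        return False
    if len(payload) < 0x40:
        return True  # short capture: MZ is all we can check
    (e_lfanew,) = struct.unpack_from("<I", payload, 0x3C)
    return e_lfanew + 4 > len(payload) or payload[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def build_sample() -> bytes:
    """Constructed response: stub PE header, gzipped, chunked, labelled image/jpeg."""
    stub = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    gz = gzip.compress(stub)
    parts = [gz[i:i + 16] for i in range(0, len(gz), 16)]
    chunked = b"".join(b"%x\r\n%s\r\n" % (len(p), p) for p in parts) + b"0\r\n\r\n"
    return (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\nContent-Encoding: gzip\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n" + chunked)
```

Calling `looks_like_pe(decode_body(build_sample()))` flags the response even though the raw bytes on the wire never start with MZ and the Content-Type claims a JPEG.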